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(i) REAL PARTY IN INTEREST 

The Assignee of all right, title and interest to the above-referenced Application 
Hewlett-Packard (Canada) Co., a Canadian corporation. 



(ii) RELATED APPEALS AND INTERFERENCES 

Appellants, Appellants' legal representative, and the assignee of the present application 

> 

are not aware of any prior or pending appeals, interferences or judicial proceedings which may be 
related to, directly affect or have a bearing on the Board's decision in the pending appeal. 
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(iii) STATUS OF CLAIMS 

Claims 1- 63 are pending in the Application. 

Claims rejected: 25-30, 45, 54 and 55 
Claims allowed: none 
Claims confirmed: none 

Claims withdrawn: 1 -24, 3 1 -44, 46-53 and 56-63 

Claims objected to: none 

Claims canceled: none 
Appellants appeal the rejections of claims 25-30, 45, 54 and 55. These claim rejections 
were the only claim rejections present in the Office Action ("Action") dated July 28, 2005, which 
was Final. 
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(iv) STATUS OF AMENDMENTS 

A final rejection was made July 28, 2005. No amendments to the claims were requested 
to be admitted after the non-final rejection. 
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(v) SUMMARY OF CLAIMED SUBJECT MATTER 

Concise explanations of exemplary forms of the claimed invention: 



With respect to independent claim 25 

An exemplary form of the invention is directed to a graphical user interface for a security 
service for a computer network (Page 6, lines 12-20). The computer network comprises defined 
users (10, 12) (Figure 1), services and resources (56) (Figure 3). The graphical user interface (14, 
16, 26, 28) (Figure 1 and 5; Page 23, lines 5-8) displays a grid comprising nodes (94) laid out on 
a first and on a second axis, user labels (92) corresponding to defined users, and resource labels 
(90) corresponding to the defined services and resources. Each user label labels nodes aligned 
relative to the first axis of the grid. Each resource label labels nodes aligned relative to the 
second axis of the grid, hi addition, the nodes in the grid corresponding to access policies for the 
defined users and defined services and resources for the computer network, correspond to the 
user and resource labels (Figure 5; Page 23, lines 5-15). 

With respect to independent claim 29 

Another exemplary form of the invention is directed to a graphical user interface for a 
security service for a computer network (Page 6, lines 12-20). The computer network comprises 
defined users (10, 12) (Figure 1) represented by a business relationship tree data structure (130- 
134, 140, 142) (Figures 8 and 9). The computer network further comprises services and 
resources (56) (Figure 3), represented by a resource tree data structure (100-124) (Figure 6). The 
graphical user interface comprises display means (14, 16, 26, 28) (Figure 1 and 5; Page 23, lines 
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5-8) for displaying a grid comprising nodes (94) laid out on a first axis and on a second axis, 
user labels (92) corresponding to the users in the business relationship tree data structure, and 
resource labels (90) corresponding to the defined services and resources in the resource tree data 
structure. Each user label labels nodes aligned relative to the first axis of the grid. Also, each 
resource label labels nodes ahgned relative to the second axis of the grid, hi addition, the nodes 
in the grid corresponding to access pohcies for the defined users and defined services and 
resources, correspond to the user and resource labels (Figure 5; Page 23, lines 5-15). 

With respect to independent claim 54 

Another exemplary form of the invention is directed to a method for displaying access 
policies for a security service for a computer network (Page 6, lines 12-20). The computer 
network comprises defined users, services and resources. The method comprises the step of 
displaying, on a computer display unit, a grid having nodes (94), laid out on a first and on a 
second axis. The method also comprises the step of displaying, on the grid, unit user labels 
corresponding to the user data (92). Each user label labels nodes aligned relative to the first axis 
of the grid, hi addition, the method comprises displaying, on the grid, resource labels (90) 
corresponding to the services and resources data. Each resource label labels nodes aligned 
relative to the second axis of the grid. In addition, the nodes in the grid correspond to access 
policies for the defined users and defined services and resources for the computer netv^ork 
corresponding to the user and resource labels (Figure 5; Page 23, lines 5-15). 
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GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

The grounds to be reviewed in this appeal are: 



Whether Appellants' claims 25, 26, 27, 29, 54 and 55 are unpatentable under 35 U.S.C. § 
102(b) over Flint, et al., U.S. Patent No. 6,453,419 ("Flint"); and 

Whether Appellants' claims 28, 30 and 45 are unpatentable under 35 U.S.C. § 103(a) 
over Flint, in further view of Wiegel U.S. Patent No. 6,484,261. 



(vii) ARGUMENT 

Flint U.S. Patent No. 6.453.419 

Flint is directed to a system and method for implementing a security policy. The system 
is operative to build access control rules with a graphical user interface (Figure 6a-6d, 7 and 8). 
The rules are displayed in the form a decision tree comprised of nodes (60-66) (Figure 4) which 
make true or false decisions. Each decision leads to a branch which contains more nodes (Figure 
4, Column 4, lines 8-11). 

Wiegel U.S. Patent No. 6.484.261 

The Wiegel patent is directed to graphical management of data communication policies in 
a network management system. The system comprises an administration component 206 which 
provides a mechanism for constructing representations of abstract network security pohcies. 
After a security policy is constructed, it is represented in a poUcy tree (316) as a named policy. 
(Figures 2 and 3; Column 15, lines 57-60). 

The 35 U.S.C. § 102 (b) Rejections 

The Applicable Legal Standards 

Anticipation pursuant to 35 U.S. C. § 102 requires that a single prior art reference contain 
all the elements of the claimed invention arranged in the manner recited in the claim. Connell v. 
Sears, Roebuck & Co., 722 F.2d 1542, 1548, 220 USPQ 193, 198 (Fed. Cir. 1983). 
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Anticipation under 35 U.S.C. § 102 requires, in a single prior art disclosure, each and 
every element of the claimed invention arranged in a manner such that the reference would 
literally infringe the claims at issue if made later in time. Lewmar Marine, Inc. v. Barient, Inc., 
827 R2d 744, 747, 3 USPQ2d 1766, 1768 (Fed. Cir. 1987). 

Anticipation by inherency requires that the Patent Office establish that persons skilled in 
the art would recognize that the missing element is necessarily present in the reference. To 
establish inherency the Office must prove through citation to prior art that the feature alleged to 
be inherent is "necessarily present" in a cited reference. Inherency may not be estabhshed based 
on probabilities or possibilities. It is plainly improper to reject a claim on the basis of 35 U.S.C. 
§ 102 based merely on the possibility that a particular prior art disclosure could or might be used 
or operated in the manner recited in the claim. In re Robertson, 169 F.3d 743, 49 U.S.P.Q. 2d 
1949 (Fed. Cir. 1999). 

It is respectfully submitted that the Action from which this appeal is taken does not meet 
these burdens. 

Rejection under 35 U.S.C, S 102fb) over Flint 

Claims 25, 26, 27, 29, 54, and 55 were rejected under 35 U.S.C. § 102(b) as being 
anticipated by Flint. These rejections are respectfully traversed. 
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Claim 25 

Claim 25 is an independent claim directed to a graphical user interface for a security 
service for a computer network. The Action at page 2 alleges that the recited grid is interpreted 
as the GUI shown in Figures 6a-6d, 7, and 8. Appellants disagree. 

Claim 25 specifically recites a grid comprising nodes laid out on a first and on a second 
axis. The grid comprises "user labels corresponding to defined users, each user label labelling 
nodes aligned relative to the first axis of the grid". The grid also comprises "resource labels 
corresponding to the defined services and resources, each resource label labelling nodes aligned 
relative to the second axis of the grid", hi addition, claim 25 recites that "the nodes in the grid 
corresponding to access policies for the defined users and defined services and resources for the 
computer network, corresponding to the user and resource labels". 

Nowhere do the GUIs shown in Figures 6a-6d, 7, and 8 show grids with these recited 
features. These Figures in Flint show decision trees which do not include user or resource labels 
on axes of a grid. Also, these Figures in Flint do not show or suggest that the displayed decision 
trees even have an organization which would enable nodes in the decision trees to have 
corresponding user labels and resource labels on axes of the grid. 

As shown in Figure 6a, a square icon (102) is a decision node which checks a connection 
request to determine if the request is accessing permitted IP addresses or hosts. If so, control 
moves to Allow node 104, If not control moves to Deny node 106 (Column 20, lines 30-34). As 
shown in Figure 6b, the decision tree may include a "user authentication filter" node (108). Also, 
as shown in Figure 6c, the decision tree may include a "user/group decision node" (110) (Column 
20, lines 36-47). 
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Flint does not disclose or suggest a grid comprising nodes which are labeled along a first 
axis with user labels and are labeled on a second axis with resource labels. Rather, the nodes 
taught in Flint (e.g. user/group decision node 110, deny node 1 12, and smart filter 1 14) are only 
represented by icons. Nowhere in Figures 6a-6d, 7, and 8 of Flint are there shown user labels 
along one axis or resource labels along another axis which correspond to the nodes of Flint's 
decision tree. 

In addition, claim 25 specifically recites that the nodes in the grid corresponding to access 
policies for the defined users and defined services and resoxirces for the computer network, 
correspond to the user and resource labels. Nowhere does Flint teach or suggest that it would be 
even possible to add such user labels and resource labels for purposes of labelling the node icons 
in Flint. For example, nowhere does Flint disclose or suggest that any of the node icons ahgned 
along a vertical axis (e.g. icons 102, 110, 108, 104 in Figure 7) or a horizontal axis (e.g. icons 
1 10, 120, 1 12 in Figure 7) correspond to a common user on one axis or a common resource on a 
second axis. 

hi addition, the rejection relies on conclusory statements, not evidence of record. For 
example, to support the rejection of claim 25, the Action relies on conclusory statements such as 
"the ahgnment of objects to an axis is well known in the art when designing computer programs 
to be displayed on a computer screen," and "it is also well known in the art there are many 
different ways to represent information. Take for example your typical Excel spreadsheet ..." 
(pages 2-3). The Action's mere assertions do not constitute the required prior art evidence of 
record, and thus lack substantial evidence support. The determination of patentability must be 
based on evidence of record, not on unsubstantiated assertions. As the evidence of record does 
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not support the rejection, the claims should be allowed. In re Zurko, supra. In re Lee, supra. 
MPEP § 2144.03. 

The Action also states (page 6) with respect to claim 54 that Flint discloses the 
"displaying, on the grid, unit user labels . . ." step (Column 5, lines 29-31) as well as the 
"displaying on the grid, resource labels . . ." step (Column 6, lines 25-37). Appellants disagree. 

Column 5, lines 29-31 of Flint referenced in the Action only discuses a user or group 
Usted in a node 70. 1 . It appears that the single node icon labelled 70. 1 shown in Figure 4 is 
intended to graphically correspond to one or more users or groups. However, nowhere does Flint 
disclose or suggest that user labels be displayed along an axis of a grid corresponding to the 
position of the node 70.1. Thus nowhere in Figure 4 or anywhere else in Flint is there disclosed 
or suggested the recited feature (in claim 25) of "user labels corresponding to defined users, each 
user label labelling nodes aligned relative to the first axis of the grid". 

hi addition, Column 6, lines 25-37 of Flint referenced in the Action only discuss features 
of decision and filter nodes. Nowhere in this portion of Flint or anywhere else in Flint is there 
disclosed or suggested displaying resource labels along a second axis of a grid corresponding to 
the position of either a decision or filter node. Thus nowhere does Flint disclose or suggest the 
recited feature (in claim 25) of "resource labels corresponding to the defined services and 
resources, each resource label labelling nodes aligned relative to the second axis of the grid". 

The Action also states that the aUgnment to the first axis (for the user labels) is inherent 
in a GUI. It appears by this statement that the Action acknowledges that Flint does not expressly 
disclose at least the user labels along a first axis. However, Appellants disagree that this feature 
would then be inherent. 
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Anticipation by inherency requires that the Patent Office estabhsh that persons skilled in 
the art would recognize that the missing element is necessarily present in the reference. To 
establish inherency the Office must prove through citation to prior art that the feature alleged to 
be inherent is "necessarily present" in a cited reference. Inherency may not be estabhshed based 
on probabilities or possibilities. It is plainly improper to reject a claim on the basis of 35 U.S.C. 
§ 102 based merely on the possibility that a particular prior art disclosure could or might be used 
or operated in the manner recited in the claim. In re Robertson, 169 F.3d 743, 49 U.S.P.Q. 2d 
1949 (Fed. Cir. 1999). 

With respect to Flint, user labels are not "necessarily present". For example, it is 
theoretically possible (although not disclosed) that any user or users associated with the user or 
group node 70.1 in Figure 4 could be displayed as a listing in a different window by double 
clicking on the node icon. Thus there is no inherent need in Flint for the GUI which displays the 
node 70.1 to include a user label associated with the node along an axis. Further, as Flint teaches 
that the node 70.1 may correspond to a Ust of users or groups (plural) (Column 5, lines 31-32) , 
the graphical difficulty in displaying labels for a Ust of users in the same location on an axis of a 
grid for a node provides further evidence that user labels are not "necessarily present" in Flint. 

In addition, claim 25 recites that the nodes in the grid correspond to the user and 
resource labels. Nowhere does Flint disclose or suggest that any of its described nodes 
correspond to both user labels and resource labels included on respective axes of a grid. Thus 
even if Flint discloses (which it does not) or it was inherent in Flint (which it is not) for a grid to 
include either user labels or resource labels, nowhere does Flint disclose or suggest as recited in 
claim 25 that "the nodes in the grid corresponding to access pohcies for the defined users and 
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defined services and resources for the computer network, corresponding to the user and resource 
labels". 

Flint does not explicitly or inherently teach the features and relationships recited in claim 
25. For all of these many reasons, Flint does not anticipate claim 25. Therefore, Appellants 
respectfully submit that the 35 U.S.C. § 102(b) rejection should be withdrawn. It follows that the 
rejections of claims 26-29 which depend from claim 25 should also be withdrawn. 

Claim 26 

Claim 26 depends from claim 25. Column 3, lines 31-47 of Flint do not as alleged in the 
Action show the features and relationships recited in claim 26. This referenced portion of Flint 
discusses defining Regions (e.g. Sales Office, Worldwide Customer Service) to which one or 
more networks are assigned (Column 3, lines 39-43). This referenced portion of Flint does not 
disclose or suggest a user definition component for defining a business relationship tree data 
structure representing a set of the defined users. Although Figure 3 includes text adjacent the 
R&D network box (32) corresponding to USERl, USER2, etc., nowhere does Flint disclose or 
suggest that such text is defined using a user definition component which is capable of defining a 
business relationship tree data structure representing a set of defined users. Further, nowhere 
does Flint disclose or suggest that the system of Flint is capable of displaying user labels in a 
graphical user interface corresponding to the business relationship tree data structure defined 
using a user definition component. 

Flint does not explicitly or inherently teach these recited features and relationships and 
therefore does not anticipate claim 26. 
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Claim 27 

Claim 27 depends from claim 25. Column 3, line 61, to column 4, line 7, of Flint does 
not as alleged in the Action show the features and relationships recited in claim 27. Rather, this 
referenced portion of Flint describes features of nodes that can be included in a decision tree. 
Flint states that nodes can check for criteria as the time of day, whether the connection uses the 
appropriate authentication or encryption, the user or groups initiating the connection request, or 
the IP address or host of the connection. Also, Flint states that each node is compared against an 
incoming connection request and it is determined whether the connection is allowed or denied 
based on the result of the node comparison. 

Although this referenced portion of Flint discloses the ability of Flint to create decision 
trees to represent an access rule, nowhere does Flint disclose or suggest taking the information 
from such a decision tree and producing a different view of the underlying data in which nodes 
corresponding to access policies are included on a grid and labelled on one axis with a 
corresponding user label and another axis by a corresponding resource label. 

Nowhere does Flint disclose or suggest that the system of Flint is capable of displaying 
resource labels in a graphical user interface corresponding to the resource tree data structure 
defined using a resource definition component 

Flint does not explicitly or inherently teach these recited features and relationships and 
therefore does not anticipate claim 27. 
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Claim 29 

Claim 29 is an independent claim directed to a graphical user interface for a security 
service for a computer network. The Action at page 2 alleges that the recited grid is interpreted as 
the GUI shown in Figures 6a-6d, 7, and 8. Appellants disagree. 

Claim 29 specifically recites a grid comprising nodes laid out on a first and on a second 
axis. The grid comprises *'user labels corresponding to the users in the business relationship tree 
data structure, each user label labelling nodes ahgned relative to the first axis of the grid". The 
grid also comprises "resource labels corresponding to the defined services and resources in the 
resource tree data structure, each resource label labelling nodes aligned relative to the second 
axis of the grid". In addition claim 29 recites that "the nodes in the grid corresponding to access 
policies for the defined users and defined services and resources, corresponding to the user and 
resource labels". 

Nowhere do the GUIs shown in Figures 6a-6d, 7, and 8 show grids with these recited 
features. These Figures in Flint show decision trees which do not include user or resource labels 
on axes of a grid. Also these Figures in Flint do not show or suggest that the displayed decision 
trees even have an organization which would enable nodes in the decision trees to have 
corresponding user labels and resource labels on axes of the grid. 

As shown in Figure 6a, a square icon (102) is a decision node which checks a connection 
request to determine if the request is accessing permitted IP addresses or hosts. If so, control 
moves to Allow node 104. If not control moves to Deny node 106 (Column 20, lines 30-34). As 
shown in Figure 6b, the decision tree may include a "user authentication filter" node (108). Also 



-17- 



as shown in Figure 6c the decision tree may include a "user/group decision node" (110) (Column 
20, lines 36-47). 

Flint does not disclose or suggest a grid comprising nodes which are labelled along a first 
axis with user labels and are labelled on a second axis with resource labels. Rather the nodes 
taught in Flint (e.g. user/group decision node 110, deny node 1 12, and smart filter 1 14) are only 
represented by icons. Nowhere in Figures 6a-6d, 7, and 8 of Flint are there shown user labels 
along one axis or resource labels long another axis which correspond to the nodes of Flint's 
decision tree. 

In addition, claim 29 specifically recites that the nodes in the grid corresponding to access 
policies for the defined users and defined services and resources, corresponding to the user and 
resource labels. Nowhere does Flint teach or suggest that it would be even possible to add such 
user labels and resource labels for purposes of labelling the node icons in Flint. For example, 
nowhere does Flint disclose or suggest that any of the node icons aligned along a vertical axis 
(e.g. icons 102, 110, 108, 104 in Figure 7) or a horizontal axis (e.g. icons 110, 120, 112 in Figure 
7) correspond to a common user on a first axis or a common resource on a second axis. 

In addition, the rejection relies on conclusory statements, not evidence of record. For 
example, to support the rejection of claim 29, the Action relies on conclusory statements such as 
"the alignment of objects to an axis is well known in the art when designing computer programs 
to be displayed on a computer screen" and "it is also well known in the art there are many 
different ways to represent information. Take for example your typical Excel spreadsheet ..." 
(pages 2-3). The Action's mere assertions do not constitute the required prior art evidence of 
record, and thus lack substantial evidence support. The determination of patentability must be 
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based on evidence of record, not on unsubstantiated assertions. As the evidence of record does 
not support the rejection, the claims should be allowed. In re Zurko, supra. In re Lee, supra. 
MPEP § 2144.03. 

The Action also states (page 7) that Flint discloses the recited features of "user labels 
corresponding to the users in the business relationship tree data structure, each user label 
labelling nodes aligned relative to the first axis of the grid" at Column 5, lines 29-31. The Action 
also alleges that Flint discloses the recited features of "resource labels corresponding to the 
defined services and resources in the resource tree data structure, each resource label labelling 
nodes aligned relative to the second axis of the grid, the nodes in the grid corresponding to access 
policies for the defined users and defined services and resources, corresponding to the user and 
resource labels" at Column 6, lines 25-37. Appellants disagree. 

Column 5, lines 29-31 of Flint referenced in the Action only discuses a user or group 
hsted in a node 70.1. It appears that the single node icon labelled 70.1 shown in Figure 4 is 
intended to graphically correspond to one or more users or groups. However, nowhere does Flint 
disclose or suggest that user labels be displayed along an axis of a grid corresponding to the 
position of the node 70.1. Thus nowhere in Figure 4 or anywhere else in Flint is there disclosed 
or suggested the recited feature (in claim 29) of "user labels corresponding to the users in the 
business relationship tree data structure, each user label labelling nodes aligned relative to the 
first axis of the grid". 

In addition, Column 6, lines 25-37 of Flint referenced in the Action only discuss features 
of decision and filter nodes. Nowhere in this portion of Flint or anywhere else in Flint is there 
discloses or suggested displaying resource labels along a second axis of a grid corresponding to 
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the position of either a decision or fiUer node. Thus nowhere does FHnt disclose or suggest the 
recited feature (in claim 29) of "resource labels corresponding to the defined services and 
resources, each resource label labelling nodes aligned relative to the second axis of the grid". 

The Action also states with respect to claim 54 that the alignment to the first axis (for the 
user labels) is inherent in a GUI. It appears by this statement that the Action acknowledges that 
Flint does not expressly disclose at least the user labels along a first axis. However, Appellants 
disagree that this feature would then be inherent. 

Anticipation by inherency requires that the Patent Office establish that persons skilled in 
the art would recognize that the missing element is necessarily present in the reference. To 
establish inherency the Office must prove through citation to prior art that the feature alleged to 
be inherent is "necessarily present" in a cited reference. Inherency may not be established based 
on probabiUties or possibiUties. It is plainly improper to reject a claim on the basis of 35 U.S.C. 
§ 102 based merely on the possibility that a particular prior art disclosure could or might be used 
or operated in the manner recited in the claim. In re Robertson, 169 F.3d 743, 49 U.S.P.Q. 2d 
1949 (Fed. Cir. 1999). 

With respect to Flint, user labels are not "necessarily present". For example, it is 
theoretically possible (although not disclosed) that any user or users associated with the user or 
group node 70.1 in Figure 4 could be displayed as a listing in a different window by double 
clicking on the node icon. Thus there is no inherent need in Flint for the GUI which displays the 
node 70.1 to include a user label associated with the node along an axis. Further, as FHnt teaches 
that the node 70.1 may correspond to a Ust of users or groups (plural) (Column 5, lines 31-32), 
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the graphical difficulty in displaying labels for a list of users in the same location on an axis of a 
grid for a node provides further evidence that user labels are not "necessarily present" in Flint. 

In addition, claim 29 recites that the nodes in the grid correspond to the user and resource 
labels . Nowhere does Flint disclose or suggest that any of its described nodes correspond to both 
user labels and resource labels included on respective axes of a grid. Thus even if Flint discloses 
(which it does not) or it was inherent in Flint (which it is not) for a grid to include either user 
labels or resource labels, nowhere does Flint disclose or suggest as recited in claim 29 that "the 
nodes in the grid corresponding to access policies for the defined users and defined services and 
resources for the computer network, corresponding to the user and resource labels". 

The Action also states that Flint discloses the recited feature of "the computer network 
comprising defined users represented by a business relationship tree data structure" at Column 3, 
lines 31-47 and discloses the recited feature of "the computer network fixrther comprising 
services and resources, represented by a resource tree data structure" at Column 6, lines 25-37. 
Appellants disagree. 

Column 3, lines 31-47 of Flint discusses defining Regions (e.g. Sales Office, Worldwide 
Customer Service) to which one or more networks are assigned (Column 3, lines 39-43). This 
referenced portion of Flint does not disclose or suggest "defined users represented by a business 
relationship tree data structure". In addition, although Figure 3, includes text adjacent the R&D 
network box (32) corresponding to USERl, USER2, etc., nowhere does Flint disclose or suggest 
that such text shown in the drawing corresponds to "defined users represented by a business 
relationship tree data structure". Further nowhere does Flint disclose or suggest that the system 
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of Flint is capable of displaying user labels in a graphical user interface corresponding to defined 
users represented by a business relationship tree data structure. 

As discussed previously, Column 6, lines 25-37 of Flint discusses defining 
features of decision and filter nodes for a decision tree. Thus it appears that the Action may 
regard the decision tree in Flint as corresponding to the recited feature of "a business 
relationship tree data structure'*. However, as discussed previously, the Action also argues that 
the decision tree in Flint as shown in Figured 6a-6d, 7 and 8 corresponds to the recited grid of 
nodes. Appellants respectfully submit that the decision tree shown in Flint is not disclosed as (or 
is capable of) corresponding to both the recited business relationship tree data structure and the 
recited grid comprising nodes laid out on a first axis and on a second axis with corresponding 
user and resource labels. Therefore Flint does not disclose or suggest at least one of these recited 
features. 

Flint does not explicitly or inherently teach the features and relationships recited in claim 
29. For all of these many reasons Flint does not anticipate claim 29. Therefore, Appellants 
respectfully submit that the 35 U.S.C. § 102(b) rejection should be withdrawn. It follows the 
rejection of claim 30 which depends firom claim 29 should also be withdrawn. 

Claim 54 

Claim 54 is an independent claim directed to a method for displaying access policies for a 
security service for a computer network. The Action at page 2 alleges that the grid produced by 
the recited method is interpreted as the GUI shown in Figures 6a-6d, 7, and 8. Appellants 
disagree. 
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Nowhere do the GUIs shown in Figures 6a-6d, 7, and 8 show grids with the features 
produced according to the recited steps. For example, these Figures in FUnt show decision trees 
which do not include user or resource labels on axes of a grid. Also, these Figures in Flint do not 
show or suggest that the displayed decision trees even have an organization which would enable 
nodes in the decision trees to have corresponding user labels and resource labels on axes of the 
grid. 

As shown in Figure 6a, a square icon (102) is a decision node which checks a connection 
request to determine if the request is accessing permitted IP addresses or hosts. If so, control 
moves to Allow node 104. If not, control moves to Deny node 106 (Column 20, lines 30-34). 
As shown in Figure 6b, the decision tree may include a "user authentication filter" node (108). 
Also, as shown in Figure 6c, the decision tree may include a "user/group decision node" (110) 
(Column 20, lines 36-47). 

Flint does not disclose or suggest a grid comprising nodes which are labelled along a first 
axis with user labels and are labelled on a second axis with resource labels. Rather, the nodes 
taught in Flint (e.g. user/group decision node 110, deny node 1 12, and smart filter 1 14) are only 
represented by icons. Nowhere in Figures 6a-6d, 7, and 8 of Flint are there shown user labels 
along one axis or resource labels long another axis which correspond to the nodes of Flint's 
decision tree. 

Thus nowhere in Figures 6a-6d, 7, and 8 or anywhere else in Flint is there disclosed or 
suggested the steps of "displaying, on the grid, unit user labels corresponding to the user data, 
each user label labelling nodes ahgned relative to the first axis of the grid" and "displaying on 
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the grid, resource labels corresponding to the services and resources data, each resource label 
labelling nodes aligned relative to the second axis of the grid". 

In addition, claim 54 specifically recites the step of "displaying, on a computer display 
unit, a grid having nodes, laid out on a first and on a second axis . . .the nodes in the grid 
correspond to access policies for the defined users and defined services and resources for the 
computer network, corresponding to the user and resource labels." Nowhere does Flint teach or 
suggest that it would be even possible to add such user labels and resource labels for purposes of 
labelling the node icons in Flint. For example, nowhere does Flint disclose or suggest that any 
of the node icons aUgned along a vertical axis (e.g. icons 102, 1 10, 108, 104 in Figure 7) or a 
horizontal axis (e.g. icons 110, 120, 1 12 in Figure 7) correspond to a common user on one axis or 
a common resource on a second axis. Thus Flint does not disclose or suggest displaying a grid 
of nodes in the manner recited in the claim. 

In addition, the rejection relies on conclusory statements, not evidence of record.. For 
example, to support the rejection of claim 54, the Action relies on conclusory statements such as, 
". . . the alignment of objects to an axis is well known in the art when designing computer 
programs to be displayed on a computer screen" and, "It is also well known in the art there are 
many different ways to represent information. Take for example your typical Excel spreadsheet 
. . ." (pages 2-3). The Action's mere assertions do not constitute the required prior art evidence of 
record, and thus lack substantial evidence support. The determination of patentability must be 
based on evidence of record, not on unsubstantiated assertions. As the evidence of record does 
not support the rejection, the claims should be allowed. In re Zurko, supra. In re Lee, supra. 
MPEP§ 2144.03. 
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The Action also states (page 6) with respect to claim 54 that Flint discloses the 
"displaying, on the grid, unit user labels . . step (Column 5, lines 29-31) as well as the 
"displaying on the grid, resource labels . . ." step (Column 6, lines 25-37). Appellants disagree. 

Column 5, lines 29-31, of Flint referenced in the Action only discuses a user or group 
listed in a node 70.1. It appears that the single node icon labelled 70.1 shown in Figure 4 is 
intended to graphically correspond to one or more users or groups. However, nowhere does Flint 
disclose or suggest that user labels be displayed along an axis of a grid corresponding to the 
position of the node 70. 1 . Thus nowhere in Figure 4 or anywhere else in Flint is there disclosed 
or suggested the recited step of "displaying, on the grid, unit user labels corresponding to the user 
data, each user label labelling nodes aUgned relative to the first axis of the grid". 

In addition. Column 6, lines 25-37, of Flint referenced in the Action only discuss features 
of decision and filter nodes. Nowhere in this portion of Flint or anywhere else in Flint is there 
disclosed or suggested displaying resource labels along a second axis of a grid corresponding to 
the position of either a decision or filter node. Thus nowhere does Flint disclose or suggest the 
recited step of "displaying on the grid, resource labels corresponding to the services and 
resources data, each resource label labelling nodes aUgned relative to the second axis of the grid". 

The Action also states that the alignment to the first axis (for the user labels) is inherent 
in a GUI. It appears by this statement that the Action acknowledges that Flint does not expressly 
disclose at least the user labels along a first axis. However, Appellants disagree that this feature 
would then be inherent. 

Anticipation by inherency requires that the Patent Office establish that persons skilled in 
the art would recognize that the missing element is necessarily present in the reference. To 
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establish inherency, the Office must prove through citation to prior art that the feature alleged to 
be inherent is "necessarily present" in a cited reference. Inherency may not be established based 
on probabilities or possibiUties. It is plainly improper to reject a claim on the basis of 35 U.S.C. 
§ 102 based merely on the possibility that a particular prior art disclosure could or might be used 
or operated in the manner recited in the claim. In re Robertson, 169 F.3d 743, 49 U.S.P.Q. 2d 
1949 (Fed. Cir. 1999). 

With respect to Flint, user labels are not "necessarily present". For example, it is 
theoretically possible (although not disclosed) that any user or users associated with the user or 
group node 70.1 in Figure 4 could be displayed as a listing in a different window by double 
clicking on the node icon. Thus there is no inherent need in Flint for the GUI which displays the 
node 70.1 to include a user label associated with the node along an axis. Further, as Flint teaches 
that the node 70.1 may correspond to a list of users or groups (plural) (Column 5, lines 31-32) , 
the graphical difficulty in displaying labels for a list of users in the same location on an axis of a 
grid for a node provides further evidence that user labels are not "necessarily present" in Flint. 

In addition, claim 54 recites that the nodes in the grid correspond to the user and resource 
labels . Nowhere does Flint disclose or suggest that any of its described nodes correspond to both 
user labels and resource labels included on respective axes of a grid. Thus even if Flint discloses 
(which it does not) or it was inherent in Flint (which it is not) that a grid include either user labels 
or resource labels, nowhere does Flint disclose or suggest as recited in claim 54 that "the nodes in 
the grid correspond to access policies for the defined users and defined services and resources for 
the computer network, corresponding to the user and resource labels". 

Flint does not explicitly or inherently teach the features, relationships, and steps recited in 
claim 54. For all of these many reasons, Flint does not anticipate claim 54. Therefore, 
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Appellants respectfully submit that the 35 U.S.C. § 102(b) rejection should be withdrawn. It 
follows the rejections of claims 26-29 which diepend from claim 54 should also be withdrawn. 

Claim 55 

Claim 55 depends from claim 54. The Action has not shown where Flint teaches or 
suggests a program storage device readable by a machine which tangibly embodies a program of 
instructions executable by the machine. Further, as discussed previously, Flint does not disclose 
or suggest any machine capable of perform the method steps recited in claim 54. 

Flint does not explicitly or inherently teach these recited features and relationships and 
therefore does not anticipate claim 55. 

The 35 U.S.C. § 103 (a) Rejections 

The Applicable Legal Standards 

Before a claim may be rejected on the basis of obviousness pursuant to 35 U.S.C. § 103, 
the Patent Office bears the burden of establishing that all the recited features and relationships of 
the claim are known in the prior art. This is known as prima facie obviousness. To establish 
prima facie obviousness, it must be shown that all the elements and relationships recited in the. 
claim are known in the prior art. If the Office does not produce a prima facie case, then the 
Appellants are under no obligation to submit evidence of nonobviousness. MPEP § 2142 (Eighth 
Edition, August 2001; Rev. 2, May 2004). 
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The evidence of record must teach or suggest the recited features. An assertion of basic 
knowledge and common sense not based on any evidence in the record lacks substantial evidence 
support. In re Zurko, 258 F.3d 1379, 59 USPQ2d 1693 (Fed. Cir. 2001). 

Even if all of the features recited in the claim are known in the prior art, it is still not 
proper to reject a claim on the basis of obviousness unless there is a specific teaching, 
suggestion, or motivation in the prior art to produce the claimed combination. Panduit Corp, v. 
Dennison Mfg. Co., 810F.2d 1561, 1568, 1 USPQ2d 1593 (Fed. Cir. 1987). In re Newell 891 
F.2d 899, 901, 902, 13 USPQ2d 1248, 1250 (Fed. Cir. 1989). 

The teaching, suggestion, or motivation to combine the features in prior art references 
must be clearly and particularly identified in such prior art to support a rejection on the basis of 
obviousness. It is not sufficient to offer a broad range of sources and make conclusory 
statements. In reDembiczak, 50 USPQ2d 1614, 1617 (Fed. Cir. 1999). 

A determination of patentabiUty must be based on evidence of record. In re Lee, 111 
F.3d 1338, 61 USPQ2d 1430 (Fed. Cir. 2002). 

It is respectfully submitted that the Action from which this appeal is taken does not meet 
these burdens. 

Rejection under 35 U.S.C. S 103(a) over Flint in view of Wiegel 

Claims 28, 30, and 45 were rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Flint in view of Wiegel. These rejections are respectfully traversed. 
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Claim 28 

Claim 28 depends from claim 25 and recites that the graphical user interface further 
comprises an access policy editor for defining the nodes in the grid. The access poUcy editor 
comprising means for graphically assembling icons representing policy rules to define an access 
policy for a user-specified node. 

Appellants disagree that it would be obvious to combine Wiegel with Flint. Nowhere 
does Flint disclose that any of its described nodes (60, 61, 62, 62.1, 62.2, 64, 64.1, 64.2. 64.3, 
64.4, 66, 68, 70, 70.1, 70.2, 72, 74, 76, 78, 80, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 
122, 124, 126, 128, 130, 132, 134 etc.) individually correspond to access poHcies. Thus there is 
no teaching, suggestion or motivation in either Wiegel or Flint to provide a graphical user 
interface editor to define the nodes shown in Flint. Therefore the rejection of claim 28 should be 
withdrawn. 

Further, Wiegel does not disclose or suggest the above described features and 
relationships recited in the parent claim 25, which are not disclose or suggested in Flint, 
Thus Office has not established prima facie obviousness with respect to claim 28, and it is 
respectfiiUy submitted the rejection should be reversed. 

Claim 30 

Claim 30 depends from claim 29 and recites that the grid comprises inheriting nodes and 
defining nodes, the defining nodes corresponding to access policies expressly defined by a policy 
manager, the graphical user interface fiirther comprising means for displaying inherited access 
policies for inheriting nodes in the grid by propagating access policies from the defining nodes in 
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the grid across the inheriting nodes below the defining nodes in each of the business relationship 
tree data structure and the resource tree data structure. 

Appellants disagree that it would be obvious to combine Wiegel with Flint. Nowhere 
does Flint disclose that any of its described nodes (60, 61, 62, 62.1, 62.2, 64, 64.1, 64.2. 64.3, 
64.4, 66, 68, 70, 70.1, 70.2, 72, 74, 76, 78, 80, 102, 104, 106, 108, 110, 112, 114, 116, 118, 120, 
122, 124, 126, 128, 130, 132, 134 etc.) individually correspond to access policies. Further, 
nowhere in Column 13, lines 37-50, referenced in the Action or anywhere else in either Wiegel 
or Flint is there disclosed or suggested that the specific types of nodes shown in Flint are even 
capable of inheriting access policies from other nodes in the grid. Therefore, there is no teaching 
suggestion or motivation in either Wiegel or Flint to modify Flint to include in a graphical user 
interface means for displaying inherited access poHcies for inheriting nodes in the grid by 
propagating access policies from the defining nodes in the grid across the inheriting nodes below 
the defining nodes in each of the business relationship tree data structure and the resource tree 
data structure. Therefore, the rejection of claim 30 should be withdrawn. 

Further, Wiegel does not disclose or suggest the above described features and 
relationships recited in the parent claim 29, which are not disclose or suggested in Flint. 
Thus Office has not established prima facie obviousness with respect to claim 30, and it is 
respectfiiUy submitted the rejection should be reversed. 
Claim 45 

Claim 45 is a multiple dependent claim depending from claims 25, 26, and 30. The 
Action has not shown where Flint or Wiegel teaches or suggests a computer program product 
comprising a computer usable medium having computer readable program code means embodied 
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in said medium for implementing the graphical user interface. Further, as discussed previously, 
Flint does not disclose or suggest any computer usable medixmi for implementing the graphical 
user interface of claim 25, 26, or 30. In addition, Wiegel does not disclose or suggest the above 
described features and relationships recited in the parent claims 25, 26, or 30, v^hich are not 
disclose or suggested in Flint. Thus Office has not established prima facie obviousness with 
respect to claim 45, and it is respectfully submitted the rejection should be reversed. 



Each of Appellants' pending claims specifically recites elements, features, relationships, 
and steps that are neither disclosed nor suggested in any of the applied prior art. Furthermore, 
the applied prior art is devoid of any teaching, suggestion, or motivation for producing the recited 
invention. For these reasons, it is respectfully submitted that all the pending claims are 
allov^able. 



CONCLUSION 



Respectfully submitted. 
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(viii) 



CLAIMS APPENDIX 



25. A graphical user interface for a security service for a computer network, the computer 
network comprising defined users, services and resources, the graphical user interface displaying 

a grid comprising nodes laid out on a first and on a second axis, 

user labels corresponding to defined users, each user label labeling nodes aligned 
relative to the first axis of the grid, 

resource labels corresponding to the defined services and resources, each resource 
label labeling nodes aligned relative to the second axis of the grid, and 

the nodes in the grid corresponding to access policies for the defined users and defined 
services and resources for the computer network, corresponding to the user and resource 
labels. 

26. The graphical user interface of claim 25 further comprising a user definition component for 
defining a business relationship tree data structure representing a set of the defined users and in 
which the user labels displayed by the graphical user interface correspond to the business 
relationship tree data structure. 

27. The graphical user interface of claim 25 further comprising a resource definition component 
for defining a resource tree data structure representing a set of the defined services and resources 
and in which the resource labels displayed by the graphical user interface correspond to the 
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resource tree data structure. 

28. The graphical user interface of claim 25 further comprising an access policy editor for 
defining the nodes in the grid, the access policy editor comprising means for graphically 
assembling icons representing policy rules to define an access policy for a user-specified node. 

29. A graphical user interface for a security service for a computer network, the computer 
network comprising defined users represented by a business relationship tree data structure, the 
computer network further comprising services and resources, represented by a resource tree data 
structure, the graphical user interface comprising display means for displaying 

a grid comprising nodes laid out on a first axis and on a second axis, 

user labels corresponding to the users in the business relationship tree data structure, each 
user label labeling nodes aligned relative to the first axis of the grid, and 

resource labels corresponding to the defined services and resources in the resource tree 
data structure, each resource label labeling nodes aligned relative to the second axis of the 
grid, 

the nodes in the grid corresponding to access policies for the defined users and defined 
services and resources, corresponding to the user and resource labels. 

30. The graphical user interface of claim 29, the grid comprising inheriting nodes and defining 
nodes, the defining nodes corresponding to access policies expressly defined by a policy 
manager, the graphical user interface further comprising means for displaying inherited access 
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policies for inheriting nodes in the grid by propagating access poUcies from the defining nodes in 
the grid across the inheriting nodes below the defining nodes in each of the business relationship 
tree data structure and the resource tree data structure. 

45. A computer program product for use with a security service for a computer network, said 
computer program product comprising a computer usable medium having computer readable 
program code means embodied in said medium for implementing the graphical user interface of 
claim 25,26, or 30. 

54. A method for displaying access policies for a security service for a computer network, the 
computer network comprising defined users, services and resources, the method comprising the 
steps of: 

displaying, on a computer display unit, a grid having nodes, laid out on a first and on a 
second axis, 

displaying, on the grid, unit user labels corresponding to the user data, each user label 
labeling nodes aUgned relative to the first axis of the grid, and 

displaying on the grid, resource labels corresponding to the services and resources data, 
each resource label labeling nodes ahgned relative to the second axis of the grid, 

whereby the nodes in the grid correspond to access poUcies for the defined users and defined 
services and resources for the computer network, corresponding to the user and resource 



labels. 

55. A program storage device readable by a machine, tangibly embodying a program of 
instructions executable by the machine to perform the method steps of claim 52, 53 or 54. 
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